DETAILED ACTION

1. This action is responsive to communication: original application filed
17 August 2000.

2. Claims 1-51 are currently pending in this application. Claims 1, 26, and 51 are 
independent claims. Claim 47 has been amended. 

3. Objection to claims 47-50 withdrawn due to amendment. 

Response to Arguments 

4. Applicant's arguments filed on 7 October 2004 have been fully considered but they are
not persuasive.

In response to applicant's argument beginning on page 12 with respect to independent
claims 1, 26, and 51, "This is in contrast to Reardon 635, which teaches the use of a token
for user identification ... (rather than to control the security configuration of the system as
taught in the present invention)". The Office disagrees; the reference uses a security gateway
to control and configure security parameters. In addition, the reference teaches that it is more
than a user access system because it does not lack a hardware security gateway; see '635 col. 3,
lines 30-58 "Commercial security programs that allow user configuration, but lack a hardware
security gateway and token based configuration include . . . invention lacks the user accessible
configuration switch of the present invention and the use of a token as described herein. The
present invention provides a security gateway that operates by intercepting the system data path,
address bus, and control logic signals between the CPU and peripherals such as hard drives and
network communication cards".

In response to applicant's argument on page 13 with respect to independent claims 1, 26,
and 51, "Reardon 635, in fact teaches away from the present invention ... Reardon 635 teaches
doing security configuration through traditional user-interface software rather than through use
of physical objects as taught by the present invention". The Office disagrees with the argument for
the following reasons:

a) The reference should be interpreted as a whole rather than by taking only a
portion of the cited text. The reference explains how tokens can be configured by one in
possession of the MASTER TOKEN; see col. 15, lines 15-45 for a more complete
description of the configuration control.

b) The claimed invention "physical objects" or "data carrying object" has
the same meaning as a token. Tokens are data carrying objects; the applicant has not
provided any further limitation or description in the claims or specification that would
overcome this definition (i.e. token has the same meaning as "data carrying object").

In response to applicant's argument on page 13 directed to claim 4, "the passage at
column 12, lines 25-28 makes no mention of 'in order to initiate said security configuration'".
The Office disagrees; applicant is reminded that the reference needs to be interpreted as a whole. If the
applicant reads column 12, lines 1-28, they should understand that the reference teaches tokens
can be configured for individuals.

In response to applicant's argument on page 13 with respect to claims 8 and 32, "the
passage at column 3, lines 63-67, does not support first and second data-carry objects". Again,
applicant is reminded the reference should be interpreted as a whole document. In addition,
unless further limitations are provided, the data carry object has the same meaning as a token.

In response to applicant's argument on page 13 with respect to claims 10, 11, 34, and 35,
"The passage nowhere mentions a pair. Also the passage does not teach that "data carrying
objects in any given pair are imprinted with a same visible identification information". The
Office disagrees; the reference as a whole teaches the pair, and the passage quoted is merely
providing an example of how markings can be employed (Note: i.e. "markings" has the same
meaning as "visible identification information").

In response to applicant's argument on page 14 with respect to claims 13 and 37 and
argument on page 14 with respect to claims 14 and 28, "the passage at column 15, lines 25-28,
refers to a user interface for changing passwords and other authentication data and does
not refer to groups of three data-carrying objects" and "the passage at column 15, lines 16-
21, refers to menu options ... not refer to identification of all individual data-carrying
objects in the group". The Office disagrees; applicant is reminded that the reference needs to be
interpreted as a whole. If the applicant reads column 12, lines 1-28, they should understand that the
reference teaches tokens can be configured for individuals, not just one user at a time. The
passage cited is referring to users or user groups; note that "three" could be considered a group,
and likewise a group is a group.

In response to applicant's argument on page 14 with respect to claim 42, "the passage at
column 19, lines 36-39, refers to menu option of software keys of a user interface for
implementing changes to the security system does not refer to denying access to a resource
unless every data-carrying object of the group is inserted into the receptacle". The Office
disagrees; the passage "to divide the SYSTEM MASTER KEY into several parts that would be
placed in escrow with two or more trusted corporate officials. These escrowed keys would be
useless until they are used in combination with each other" has the same meaning as the
claimed invention.

In response to applicant's argument on page 14 with respect to claims 18 and 43, "the
passage at column 14, lines 21-42, refers to installation via the user interface of a new
security program shell and does not refer to adding a new information appliance to the
creation of tokens based on a master token and not to inserting, to a receptacle associated
with an information appliance representing the resource, a data-carrying object
representing the principal". The Office disagrees with the argument; again, applicant is reminded
of the entire reference. The cited passage, which is directed to upgrading the shell, has the same
meaning as adding a new appliance. To gain a better understanding, see '635 col. 7, lines 1-11
"Security gateway: A programmable device that is independent of the CPU and situated in such
manner as to be able to control or block the CPU's access to secured peripheral such as mass
memory storage devices, network communication devices and the token reader . . Shell: A
security program consisting of two parts, a CPU Security Program and a Gateway Program".
Note: "appliances" has the same meaning as "peripherals".

In response to applicant's argument on page 14 with respect to claims 21 and 46, "the
passage at column 11, lines 10-14 refers to the creation of tokens based on a master token
and not to inserting, to a receptacle associated with an information appliance representing
the resource, a data-carrying object representing the principal". The Office disagrees; the
whole reference should be considered. In addition, the passage cited indicates how additional or
new tokens can be made associated with the particular application.

In response to applicant's argument on page 15 with respect to claims 3, 6, 28, 30, and
31, "suggestion to add Reardon 562 to Reardon 635, the control would be achieved by
means of switches and not by way of tokens ... have any of the features recited in these
claims". The Office disagrees with the argument; again, the references as a whole indicate the features
claimed. In this example the combination teaches the claimed invention.

In response to applicant's argument beginning on page 15 with respect to claims 3, 6, 28,
30, and 31, "Therefore, one of ordinary skill in the art would not be motivated to implement
any of Reardon 562 in Reardon 635". The Office disagrees; the references are motivated to be
combined for the reasons cited in the office action. Likewise, Reardon '635 references '562 in
the prior art. In addition, the passage cited in Reardon '635 could easily be changed to indicate
that the token must remain, since the ability to sense whether the token is present or not present is
in the existing system, eliminating the need of combining the two references in order to show the
claimed invention.

In response to applicant's argument on page 16 with respect to claims 1 and 26, "Flyntz,
like Reardon 635 uses a smart card for user authentication and not for security
configuration of the system". The Office disagrees; the reference Reardon '635 uses a security
gateway to control and configure security parameters. In addition, the reference teaches that it is
more than a user access system because it does not lack a hardware security gateway; see '635
col. 3, lines 30-58 "Commercial security programs that allow user configuration, but lack a
hardware security gateway and token based configuration include . . . invention lacks the user
accessible configuration switch of the present invention and the use of a token as described
herein. The present invention provides a security gateway that operates by intercepting the
system data path, address bus, and control logic signals between the CPU and peripherals such as
hard drives and network communication cards".

In response to applicant's argument on page 16 with respect to claims 12, 17, 36, and 41,
"Reardon '635 teaches that the data-carrying objects are provided as a pair is erroneous"
and "Fehrman relates to a smart card having a removable integrated circuit. The
integrated circuit is removable from an assembly only with a special tool ... There is no
suggestion in either Reardon '635 or Fehrman to make the combination proposed ... This
suggestion is improperly based on the hindsight of Applicant's disclosure". The Office
disagrees for the following reasons:

a) Reardon '635 teaches that the data-carrying objects can be provided as a pair; see '635 col. 12, lines 1-3 and col. 19,
lines 35-41.

b) The suggestion to combine is in the original office action; see Fehrman '163 col. 2,
lines 4 et seq.

Claim Rejections - 35 USC § 102

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language 

6. Claims 1, 2, 4, 5, 8, 10, 11, 13-16, 18-22, 26, 27, 29, 32, 34, 35, 37-40, 42-47, and 51 are
rejected under 35 U.S.C. 102(e) as being anticipated by Reardon U.S. Patent No. 6,212,635
(hereinafter '635).

As to independent claim 26, "A method for the secure installation and use of an
information system having a plurality of nodes, where said plurality of nodes include at
least one information appliance and at least one security console, comprising steps of" is
taught in '635 col. 3, lines 12-18;

"providing at least one data-carrying object containing security-related data; and 
inserting the data-carrying object into at least one object receptacle that comprises a 
portion of at least one of the nodes, the data-carrying object being inserted into the 
receptacle for reading-out the security-related data for indicating to the information 
system a desired security configuration" is shown in '635 col. 7, lines 13-20. 

As to dependent claim 27, "wherein the data-carrying object stores the security- 
related data in a form that can be read-out by one of an electrical sensor, an optical sensor, 
or a magnetic sensor" is disclosed in '635 col. 7, lines 13-20. 

As to dependent claim 29, "wherein an information appliance has associated 
therewith at least one corresponding data-carrying object for inserting into the receptacle, 
wherein the receptacle has an output coupled to the security console in an information 
system where the information appliance is intended to be used for indicating that the 
information appliance is one of a trusted information appliance" is disclosed in '635 col. 7,
lines 20-25;

"or an untrusted information appliance" is taught in '635 col. 7, lines 34-36.

As to dependent claim 32, "wherein the data-carrying objects are provided as a
pair, wherein a first receptacle has an output coupled to the security console in an 
information system where the information appliance is intended to be used for indicating, 
from security-related data contained on a first one of the pair of data-carrying objects, that 
the information appliance is one that is authorized to fulfil and originate requests for 
information system resources, and wherein a second receptacle has an output coupled to 
the information appliance for indicating, from security-related data contained on a second
one of the pair of data-carrying objects, that the security console is authorized to fulfil and 
originate requests for information appliance resources, including information" is shown in 
'635 col. 3, lines 63-67. 

As to dependent claim 34, "wherein the data-carrying objects are provided as a 
pair, and wherein data-carrying objects in any given pair are the same shape, and no two 
data-carrying objects not in the same pair are the same shape" is taught in '635 col. 25, lines 
34-37. 

As to dependent claim 35, "wherein the data-carrying objects are provided as a 
pair, and wherein data-carrying objects in any given pair are imprinted with a same visible 
identification information, and no two data-carrying objects not in the same pair are 
imprinted with the same visible identification information" is shown in '635 col. 25, lines 34- 
37. 

As to dependent claim 37, "wherein data-carrying objects are obtained in groups of 
at least three, and where access to a resource, including information, is obtained by 
providing one subset of data-carrying objects from a group to a receptacle associated with 
a requestor of the resource, and a disjoint set of data-carrying objects from the same group
is provided to the security console" is disclosed in '635 col. 15, lines 25-28. 

As to dependent claim 38, "wherein identifications of all individual data-carrying 
objects in the group can be ascertained by viewing the Security console, even if some 
subset of the data-carrying objects are provided to a receptacle associated with a requestor 
of the resource" is taught in '635 col. 15, lines 16-21.

As to dependent claim 39, "wherein a utilization of different disjoint subsets of the 
data-carrying objects in a group indicates different levels of trust to be granted to the 
requestor with respect to the resource" is shown in '635 col. 12, lines 1-9.

As to dependent claim 40, "wherein a utilization of different disjoint subsets of the 
data-carrying objects in a group indicates different levels of authorization to be granted to 
the requestor with respect to the resource" is disclosed in '635 col. 12, lines 1-9. 

As to dependent claim 42, "in which access to the resource is denied unless every 
data-carrying object of the group is inserted into a receptacle" is taught in '635 col. 19, lines 
36-39. 

As to dependent claim 43, "and further comprising a step of adding a newly- 
obtained information appliance to a group of authorized information appliances, on behalf 
of a principal, by inserting a data-carrying object representing the principal to a receptacle 
of the information appliance" is shown in '635 col. 14, lines 21-42.

As to dependent claim 44, "wherein the data-carrying object representing the
principal contains data which includes at least one secret known only to the principal" is 
disclosed in '635 col. 10, lines 64-65. 

As to dependent claim 45, "wherein the secret known only to the principal 
comprises the private half of a public-private key pair associated with an asymmetric 
cryptosystem" is taught in '635 col. 11, lines 1-9. 

As to dependent claim 46, "in which a certain principal, and at least one 
information appliance authorized to act on behalf of the principal, is granted a certain level 
of access to a certain resource by inserting, to a receptacle associated with an information 
appliance representing the resource, a data-carrying object representing the principal" is 
shown in '635 col. 11, lines 10-14. 

As to dependent claim 47, "wherein data contained in the data-carrying object 
representing the principal comprises the public half of a public-private key pair associated 
with an asymmetric cryptosystem" is disclosed in '635 col. 11, lines 1-9.

As to independent claim 1, this claim is directed to the apparatus of the method of
claim 26 and is similarly rejected along the same rationale.

As to independent claim 51, this claim is directed to the computer-readable storage
medium of the method of claim 26 and is similarly rejected along the same rationale.

As to dependent claim 4, "wherein said data-carrying object is temporarily made
readable by said receptacle in order to initiate said security configuration" is taught in '635
col. 12, lines 25-28.

As to dependent claims 2, 5, 8, 10, 11, 13-16, and 18-22, these claims incorporate
substantially similar subject matter as cited in claims 27, 29, 32, 34, 35, 37-40, and 43-47
above and are rejected along the same rationale.

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 3, 6, 7, 28, 30, and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over '635 in further view of Reardon U.S. Patent No. 5,434,562 (hereinafter '562). 

As to dependent claim 28, "wherein the data-carrying object either" and "or is 
temporarily inserted in or otherwise made readable by the receptacle either before or 
during the operation of the information system" is taught in '635 col. 12, lines 25-28 "the
user could be instructed to remove the token before allowing access"; 

the following is not taught in '635 "remains inserted in the receptacle during the 
operation of the information system" however '562 teaches "Typically, the disabling of the 
peripheral device is executed by the user operating a switch, which may be of a keylocking type, 
which fully or partially disables the peripheral device as long as the switch is activated" in col. 3, 
lines 41-44. 

It would have been obvious to one of ordinary skill in the art at the time of the invention
to modify the network security system taught in '635 to include a means to protect
devices as long as a key is active. One of ordinary skill in the art would have been
motivated to perform such a modification to protect a computer system from
unauthorized access; see '562 (col. 1, lines 45 et seq.) "By providing complete user
control over a computer's access to its peripheral devices, this invention allow the user
to implement greater security precautions against unauthorized programs or users".

As to dependent claim 30, "wherein an information appliance is given access to
information system resources, including information, by inserting a data-carrying
object associated with the security console into the receptacle" is
taught in '635 col. 11, lines 33-53 "In a typical application, the User X would place the
token, 16, in token reader, 14. The token reader would transfer information from the
token to the security gateway ... While such peripherals cannot be protected in the
same fashion as "down line" peripherals which have the security gateway interposed
between themselves and the CPU, the security gateway can still provide some
protection for the "up line" peripherals";

"the receptacle having an output that is coupled to the information appliance" is
shown in '562 col. 3, lines 50-52 "physically disconnect the power supply to the mass
storage media device and/or the communication link to the network".

As to dependent claim 31, "wherein each of the information appliance and the
security console have associated therewith at least one corresponding data-carrying
object" is disclosed in '635 col. 12, lines 1-2 "Tokens can be created for each
individual and also for specific applications";

"wherein a first receptacle has an output coupled to the security console in an
information system where the information appliance is intended to be used for 
indicating, from security-related data contained on the data-carrying object 
associated with the information appliance, that the information appliance is one 
that is authorized to fulfil and originate requests for information system 
resources, and wherein a second receptacle has an output coupled to the 
information appliance for indicating, from security-related data contained on the 
data-carrying object associated with the security console, that the security 
console is authorized to fulfil and originate requests for information appliance 
resources, including information" is taught in '542 col. 3, lines 29-39 "This invention 
describes a means and process by which to disable the computer's access to all or 
part of a computer's memory system or associated peripherals". 

As to dependent claims 3, 6, and 7, these claims incorporate substantially similar
subject matter as cited in claims 28, 30, and 31 above and are rejected along the
same rationale.

9. Claims 9, 23, 24, 25, 33, 48, 49, and 50 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over '635 in further view of Flyntz U.S. Patent No. 6,389,542 
(hereinafter '542). 

As to dependent claim 33, the following is not taught in '635 "wherein there 
are a plurality of the receptacles, and wherein an insertion of a data-carrying 
object into a first receptacle indicates different security-related information than 
inserting the data-carrying object into a second receptacle" however '542 teaches
"if the removable memory for the second security subsystem is correctly inserted in the 
memory receptacle. In response to the first activation signal, the first electronically 
activated switch disconnects the common contact from the first contact and connects 
the common contact with the second contact" in col. 3, lines 30-36. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the network security system taught in '635 to include a means to address multiple
device receptacles. One of ordinary skill in the art would have been motivated to perform such a
modification to utilize a multilevel security environment; see '542 (col. 1, lines 14 et seq.) "This
invention relates to computer security, and more particularly, to a multilevel computer security 
system and a method for controlling user access which allows a computer to be used in a 
multilevel security environment, but prevents access". 

As to dependent claim 48, "in which the data-carrying object representing the principal 
comprises an image of the principal" is taught in '542 col. 6, lines 37-43 "The smart-card 30 has 
identification information about the card owner stored within its internal memory ... Biometrics 
are essentially a stored representation of a physical characteristic of the card owner". 

As to dependent claim 49, "in which the data-carrying object representing the principal
comprises a computer readable data portion and an image of the principal" is shown in '542
col. 6, lines 37-43.

As to dependent claim 50, "further comprising a step of providing a holder for
holding the computer-readable data portion such that both the computer-readable data
portion and the image are accessible" is disclosed in '542 col. 6, lines 37-43.

As to dependent claims 9, 23, 24, and 25, these claims incorporate substantially similar
subject matter as cited in claims 33, 48, 49, and 50 above and are rejected along
the same rationale.

10. Claims 12, 17, 36, and 41 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over '635 in further view of Fehrman et al. U.S. Patent No. 6,193,163 (hereinafter '163).

As to dependent claim 36, "wherein the data-carrying objects are provided as a
pair" is taught in '635 col. 3, lines 63-67 "The security gateway generates a unique 
asynchronous key pair for each user and creates a token containing the private pair for 
each user and creates a token containing the private key for that particular user that is 
encrypted with the security gateway's"; 

the following is not taught in '635: "and wherein data-carrying objects in any given
pair are fashioned so as to mechanically join together, and no two data-carrying 
objects not in the same pair will not or are unlikely to mechanically join 
together" however '163 teaches "The first engagement member may comprise a first 
end portion of the semiconductor chip assembly or a first tab extending from the 
semiconductor chip assembly" in col. 2, lines 44-59. 

It would have been obvious to one of ordinary skill in the art at the time of the invention
to modify the network security system taught in '635 to include a means to
mechanically join two provided data keys to protect devices. One of ordinary skill in the
art would have been motivated to perform such a modification to protect data-carrying
objects from tampering; see '163 (col. 2, lines 4 et seq.) "Accordingly, there is a need
for a smart card having an integrated circuit which may be removed or replaced by
authorized personnel only. There is also a need for a smart card which provides an
indication of tampering".

As to dependent claim 41, "wherein data objects in a particular group 
mechanically join together to form an assemblage, where the assemblage is 
adapted to be attached to a device through a single connection" is taught in '163
col. 6, lines 10-15 "Accordingly, it is an object of the present invention to provide a 
smart card having an integrated circuit which may be removed or replaced only by 
authorized personnel having a special tool". 

As to dependent claims 12 and 17, these claims incorporate substantially similar subject 
matter as in cited in the claims 36 and 41 above and are rejected along the same rationale. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to 
expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened 
statutory period will expire on the date the advisory action is mailed, and any extension fee 
pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In 
no event, however, will the statutory period for reply expire later than SIX MONTHS from the 
mailing date of this final action. 